vulnrichment / Mitre / VULNRICHMENT:CVE-2023-52892
History: Jun 27, 2024 - 12:00 a.m.

CVE-2023-52892

2024-06-27 00:00:00
mitre
github.com
1
phpseclib
tls certificates
x.509
host verification

AI Score: 6.7 (Confidence: Low)

SSVC
Exploitation: none
Automatable: yes
Technical Impact: total

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:phpseclib:phpseclib:*:*:*:*:*:*:*:*"
    ],
    "vendor": "phpseclib",
    "product": "phpseclib",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1.0.22",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "2.0",
        "lessThan": "2.0.46",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "3.0",
        "lessThan": "3.0.33",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]
